Lucene search
K

8 matches found

CVE
CVE
added 2026/06/09 7:34 a.m.45 views

CVE-2026-33582

The CVE-2026-33582 issue affects Apache Answer up to version 2.0.0, where a crafted TIFF image can trigger excessive memory allocation during decoding, allowing an authenticated user to crash the server process. Upgrade to version 2.0.1 to fix the issue. The reported CVSS vector indicates MEDIUM ...

6.5CVSS5.4AI score0.00479EPSS
CVE
CVE
added 2026/06/09 7:33 a.m.39 views

CVE-2026-25699

CVE-2026-25699 applies to Apache Answer up to version 2.0.0, where timeline-related APIs lacked proper authorization checks. This could allow regular authenticated users to access deleted, private, or unapproved content and its revision history. The issue is addressed by upgrading to version 2.0....

6.1CVSS5.4AI score0.00406EPSS
CVE
CVE
added 2026/06/10 2:57 p.m.35 views

CVE-2026-25700

CVE-2026-25700 relates to Apache Answer prior to version 2.0.1, where administrative tokens issued before an admin account was suspended, deleted, or deactivated were not invalidated. This allowed continued access to administrative APIs until those tokens expired. Affected product: Apache Answer ...

7.2CVSS5.4AI score0.00448EPSS
CVE
CVE
added 2026/06/09 7:34 a.m.35 views

CVE-2026-34031

CVE-2026-34031 concerns Apache Answer up to version 2.0.0, where the server fails to validate user-supplied image URLs used for profile avatars. This allows embedding arbitrary external content as avatars, potentially enabling unintended external requests and tracking by third-party servers. A fi...

6.5CVSS5.5AI score0.00403EPSS
CVE
CVE
added 2026/06/09 7:35 a.m.33 views

CVE-2026-34905

CVE-2026-34905 affects Apache Answer up to version 2.0.0. The issue arises from the unlisted question feature not enforcing access restrictions on direct API endpoints, permitting authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Upgrade...

6.5CVSS5.4AI score0.00325EPSS
CVE
CVE
added 2026/06/09 7:32 a.m.30 views

CVE-2026-25688

CVE-2026-25688 describes an XSS vulnerability in Apache Answer. The issue is an improper neutralization of alternate XSS syntax in AI-generated responses rendered in the browser, affecting Apache Answer up to version 2.0.0. Affected behavior allows execution of malicious scripts when content is v...

6.1CVSS5.3AI score0.00406EPSS
CVE
CVE
added 2026/06/09 7:35 a.m.30 views

CVE-2026-34033

CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...

5.4CVSS5.5AI score0.00372EPSS
CVE
CVE
added 2026/02/04 10:41 a.m.27 views

CVE-2026-24735

CVE-2026-24735 affects Apache Answer up to version 1.7.1. An unauthenticated API endpoint exposes the full revision history for deleted content, enabling unauthorized retrieval of restricted or sensitive information. Remediation: upgrade to version 2.0.0 (or later) where the issue is fixed. The a...

7.5CVSS5.3AI score0.00619EPSS